10/814,539 



03AB111/ALBRP333US 



Amendments to the Claims 
This listing of claims will replace all prior versions of claims in the application: 
Listing of Claims: 

1 . (Currently Amended) A digital rights management system including a processor 
for use in an industrial environment comprising: 

a certification component that provides a local trusted authority to verifies identity 

an access component that establishes rules of use fe¥ associated with automation 
device services based at least upon the identity of the users on the system verified by the 
certification component: the rules of use include at least one of rights to view, modify, 
download, and upload a subset of an automation device program user or e ntity as 
provid e d by a c e rtificat e. 

2. (Original) The system of claim 1, wherein the system is executed by a computer 
remotely located from the automation device. 

3. (Currently amended) The system of claim 2, wherein communication between the 
users [ automation dovico ] and the certification and access components is over a local area 
network. 

4. (Original) The system of claim 3, wherein communication is secured via digital 
certificates which bind public keys to specific users and/or entities to facilitate decryption 
of a message as well as identification of a sender. 

5. (Original) The system of claim 4, wherein the message is digitally signed to 
enable the message to be authenticated. 

6. (Original) The system of claim 1, wherein access to the access component is a 
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restricted component limited to a particular user or group of users via certificates. 

7. (Original) The system of claim 1 , wherein the automation device includes an 
access credential component that defines and restricts access to particular objects and 
services based on the identity of the user as established by a certificate. 

8. (Original) The system of claim 7, wherein the automation device includes a 
virtual key component adapted to retrieve identifying information from a certificate. 

9. (Original) The system of claim 7, wherein the access credential component also 
defines and restricts access based on a personal id provided by a SIM card. 

10. (Original) The system of claim 9, wherein the automation device includes a 
physical key component adapted to retrieve identifying information from the SIM card. 

1 1 . (Original) The system of claim 1, wherein the automation device is one of a 
programmable logic controller, an I/O device, and a communication adaptor. 

12. (Withdrawn) A secure automation device communication system comprising: 

a certification component; and 

a plurality of automation devices that interact with the certification component to 
generate and receive certificates which bind public keys to specific automation devices to 
facilitate identification of the devices that generate encrypted messages. 

13. (Withdrawn) The system of claim 12, wherein the automation devices include 
programmable logic controllers, I/O devices, and communication adapters. 

14. (Withdrawn) The system of claim 12, wherein the automation devices 
communicate messages over a local area network. 

15. (Withdrawn) The system of claim 12, wherein certificates contain an automation 
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device or user name or ID and a public key associated therewith. 

16. (Withdrawn) The system of claim 12, wherein the certification component stores 
certificates in a certificate data store isolated fi-om automation devices. 

17. (Withdrawn) The system of claim 12, wherein automation devices contain private 
keys to facilitate encryption and/or decryption of messages. 

18. (Withdrawn) The system of claim 12, wherein a first automation device utilizes 
one key in a public private key pair to create a secure message component that is 
transmitted to a second automation device. 

19. (Withdrawn) The system of claim 1 8, wherein the second automation device 
receives the secure message component and utilizes the other key in a public private key 
pair to decrypt the message component. 

20. (Withdrawn) The system of claim 12, wherein messages are digitally signed and 
include a message, message digest, and information regarding a hash algorithm. 

2 1 . (Withdrawn) The system of claim 20, wherein the hash algorithm is MD5 . 

22. (Withdrawn) A method of managing digital rights comprising: 
defining rules of use concerning automation device program privileges; 
downloading the rules to an automation device; 

limiting interaction with the automation device based on the rules and an identity 
of a user. 

23 . (Withdrawn) The method of claim 22, wherein user identity is established via 
digital certificates. 

24. (Withdrawn) The method of claim 23, wherein user digital certificates are 
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generated by a local area control component. 

25. (Withdrawn) The method of claim 23, wherein the user identity is established 
utilizing a SIM card. 

26. (Withdrawn) The method of claim 23, wherein user identity is established 
employing biometrics. 

27. (Withdrawn) The method of claim 22, wherein user rules prohibit particular users 
from viewing portions of an automation device program. 

28. (Withdrawn) The method of claim 22, wherein user rules prohibit particular users 
from modifying a ladder logic program. 

29. (Withdrawn) A computer readable medium having stored thereon computer 
executable instructions for carrying out the method of claim 22. 

30. (Currently Amended) An industrial automation device communication 
methodology comprising: 

encrypting a message to be sent to a automation device utilizing a key derived 
from a certification component; 

verifying an identity of the automation device; 

establishing one or more rules of use for the message based at least upon the 
identity of the automation device; and 

transmitting the encrypted message to the automation device. 

31. (Original) The methodology of claim 30, further comprising: 

receiving an encrypted message from an automation device or device controller; 
locating a certificate component associated with the automation device sending 
the message; and 

decrypting the message utilizing the pubHc key provided by the certificate 
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component. 

32. (Original) The method of claim 3 1 , wherein the automation device is an industrial 
programmable logic controller (PLC). 

33. (Original) The method of claim 32, wherein the message is a PLC program. 

34. (Original) The method of claim 3 1 , wherein locating the certificate component 
comprises searching local automation device store. 

35 . (Previously amended) The method of claim 3 1 , wherein locating the certificate 
comprises downloading the certificate from the certification component. 

36. (Original) A computer readable medium having stored thereon computer 
executable instructions for carrying out the method of claim 3 1 . 

37. (Currently Amended) A method of industrial automation device communication 
comprising: 

generating a digitally signed message component comprising a message, a 

message digest, a certificate[ieft] component, and hash function data, wherein the 
message component is generated by a first industrial automation device; 
verifying an identity of the automation device: 

establishing one or more rules of use for the message component based at least 
upon the identity of the automation device: and 

transmitting the message component to a second industrial automation device. 

38. (Original) The method of claim 37, further comprising encrypting the message 
component prior to transmission. 

39. (Original) The method of claim 38, fiirther comprising receiving and decrypting 
the message component. 
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40. (Original) The method of claim 37, fiirther comprising authenticating the message 
by retrieving a hash function in accordance with the hash information, generating a 
message digest by applying the retrieved hash function to the received message and 
comparing the generated message digest with the message digest retrieved fi-om the 
message component. 

41 . (Original) A computer readable medium having stored thereon computer 
executable instructions for carrying out the method of claim 37. 
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